Vulnerabilities (CVE)

Filtered by CWE-427
Total 755 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-4894 2 Hp, Samsung 2046 1vr14a, 1vr14a Firmware, 209u7a and 2043 more 2024-02-28 N/A 7.3 HIGH
Certain HP and Samsung Printer software packages may potentially be vulnerable to elevation of privilege due to Uncontrolled Search Path Element.
CVE-2021-41544 1 Siemens 1 Software Center 2024-02-28 N/A 7.8 HIGH
A vulnerability has been identified in Siemens Software Center (All versions < V3.0). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path.
CVE-2023-37490 1 Sap 1 Businessobjects Business Intelligence 2024-02-28 N/A 9.0 CRITICAL
SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. On replacing this executable with a malicious file, an attacker can completely compromise the confidentiality, integrity, and availability of the system.
CVE-2022-47636 1 Outsystems 1 Service Studio 2024-02-28 N/A 7.8 HIGH
A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user opens a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory: av_libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the current logged in user.
CVE-2023-35897 1 Ibm 2 Storage Protect, Storage Protect Client 2024-02-28 N/A 7.8 HIGH
IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246.
CVE-2023-3078 1 Lenovo 1 Universal Device Client 2024-02-28 N/A 7.8 HIGH
An uncontrolled search path vulnerability was reported in the Lenovo Universal Device Client (UDC) that could allow an attacker with local access to execute code with elevated privileges.
CVE-2023-23577 1 Intel 3 Ite Tech Consumer Infrared Driver, Nuc 11 Enthusiast Kit Nuc11phki7c, Nuc 11 Enthusiast Mini Pc Nuc11phki7caa 2024-02-28 N/A 7.3 HIGH
Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-40352 1 Mcafee 1 Safe Connect 2024-02-28 N/A 7.2 HIGH
McAfee Safe Connect before 2.16.1.126 may allow an adversary with system privileges to achieve privilege escalation by loading arbitrary DLLs.
CVE-2023-22841 1 Intel 2 C621a, Server Firmware Update Utility 2024-02-28 N/A 7.3 HIGH
Unquoted search path in the software installer for the System Firmware Update Utility (SysFwUpdt) for some Intel(R) Server Boards and Intel(R) Server Systems Based on Intel(R) 621A Chipset before version 16.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-34355 1 Intel 2 Integrated Bmc Video Driver, Server Board M10jnp2sb 2024-02-28 N/A 7.3 HIGH
Uncontrolled search path element for some Intel(R) Server Board M10JNP2SB integrated BMC video drivers before version 3.0 for Microsoft Windows and before version 1.13.4 for Linux may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-25944 1 Intel 1 Vcust Tool 2024-02-28 N/A 7.8 HIGH
Uncontrolled search path element in some Intel(R) VCUST Tool software downloaded before February 3rd 2023 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-3662 1 Codesys 1 Development System 2024-02-28 N/A 7.3 HIGH
In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the user's context.
CVE-2023-36344 1 Dieboldnixdorf 1 Vynamic View 2024-02-28 N/A 7.8 HIGH
An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature.
CVE-2023-25182 1 Intel 1 Unite 2024-02-28 N/A 7.8 HIGH
Uncontrolled search path element in the Intel(R) Unite(R) Client software for Mac before version 4.2.11 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-37849 1 Watchguard 1 Panda Security Vpn 2024-02-28 N/A 6.5 MEDIUM
A DLL hijacking vulnerability in Panda Security VPN for Windows prior to version v15.14.8 allows attackers to execute arbitrary code via placing a crafted DLL file in the same directory as PANDAVPN.exe.
CVE-2023-31016 2 Microsoft, Nvidia 2 Windows, Virtual Gpu 2024-02-28 N/A 7.8 HIGH
NVIDIA GPU Display Driver for Windows contains a vulnerability where an uncontrolled search path element may allow an attacker to execute arbitrary code, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
CVE-2023-28380 1 Intel 1 Ai Hackathon 2024-02-28 N/A 8.8 HIGH
Uncontrolled search path for the Intel(R) AI Hackathon software before version 2.0.0 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
CVE-2023-28823 1 Intel 29 Advisor For Oneapi, Cpu Runtime For Opencl Applications, Distribution For Python Programming Language and 26 more 2024-02-28 N/A 7.3 HIGH
Uncontrolled search path in some Intel(R) oneAPI Toolkit and component software installers before version 4.3.1.493 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2022-43703 1 Arm 2 Arm Development Studio, Ds Development Studio 2024-02-28 N/A 7.8 HIGH
An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files.
CVE-2023-39374 1 Forescout 1 Secureconnector 2024-02-28 N/A 7.8 HIGH
ForeScout NAC SecureConnector version 11.2 - CWE-427: Uncontrolled Search Path Element